1. Personality parameter should be unsigned int (not long)
2. Do not reset bits outside of PER_MASK when setting
personality value.
3. Set personality for static executables.
Bug: http://b/21900686
Change-Id: I4c7e34079cbd59b818ce221eed325c05b9bb2303
(cherry picked from commit f643eb38c3)
The pthread_mutex_lock and pthread_mutex_unlock were allowed to
fail silently on L 32 bit devices when passed a NULL. We changed
this to a crash on 32 bit devices, but there are still games that make
these calls and are not likely to be updated. Therefore, once again
allow NULL to be passed in on 32 bit devices.
Bug: 19995172
(cherry picked from commit 511cfd9dc8)
Change-Id: I159a99a941cff94297ef3fffda7075f8ef1ae252
A continuation of commit 2825f10b7f.
Add O_PATH compatibility support for flistxattr(). This allows
a process to list out all the extended attributes associated with
O_PATH file descriptors.
Change-Id: Ie2285ac7ad2e4eac427ddba6c2d182d41b130f75
The functions dlmalloc_inspect_all and dlmalloc_trim get
exported on devices that use dlmalloc, so be consistent and
export them everywhere.
Bug: 21640784
Change-Id: I5b8796cd03c8f401d37d9c22823144f766f9c4c7
It turns out that apportable apps expect that the DIR structure is
the same as in L and below. Modify the structure to have the same
order, and move the new variable to the end of the structure.
Bug: 21037208
(cherry picked from commit 5edb0f40f6)
Change-Id: I0c1ab5e295ec8bef638daa4cfea5830aeea602e6
Support O_PATH file descriptors when handling fgetxattr and fsetxattr.
This avoids requiring file read access to pull extended attributes.
This is needed to support O_PATH file descriptors when calling
SELinux's fgetfilecon() call. In particular, this allows the querying
and setting of SELinux file context by using something like the following
code:
int dirfd = open("/path/to/dir", O_DIRECTORY);
int fd = openat(dirfd, "file", O_PATH | O_NOFOLLOW);
char *context;
fgetfilecon(fd, &context);
This change was motivated by a comment in
https://android-review.googlesource.com/#/c/152680/1/toys/posix/ls.c
Change-Id: Ic0cdf9f9dd0e35a63b44a4c4a08400020041eddf
Adds a new _internal_ function. Provide a global serial number to
support more efficient private caching algorithms. This allows
to skip re-running the __system_property_find() call on misses until
there is a global change in the properties. This call is a read
barrier, the property data to be read following this call will be
read sequentially and up to date.
Bug: 19544788
Change-Id: I58e6a92baa0f3e8e7b9ec79b10af6d56407dab48
Spencer Low points out that we never actually set a name because the constant
part of the string was longer than the kernel's maximum, and the kernel
rejects long names rather than truncate.
Shorten the fixed part of the string while still keeping it meaningful. 9999
POSIX timers should be enough for any process...
Bug: https://code.google.com/p/android/issues/detail?id=170089
Change-Id: Ic05f07584c1eac160743519091a540ebbf8d7eb1
The visibility control in pthread_atfork.h is incorrect.
It breaks 64bit libc.so by hiding pthread_atfork.
This reverts commit 6df122f852.
Change-Id: I21e4b344d500c6f6de0ccb7420b916c4e233dd34
This doesn't affect code like Chrome that correctly ignores EINTR on
close, makes code that tries TEMP_FAILURE_RETRY work (where before it might
have closed a different fd and appeared to succeed, or had a bogus EBADF),
and makes "goto fail" code work (instead of mistakenly assuming that EINTR
means that the close failed).
Who loses? Anyone actively trying to detect that they caught a signal while
in close(2). I don't think those people exist, and I think they have better
alternatives available.
Bug: https://code.google.com/p/chromium/issues/detail?id=269623
Bug: http://b/20501816
Change-Id: I11e2f66532fe5d1b0082b2433212e24bdda8219b
1. Don't prevent calling callback when SIGEV_THREAD timers are disarmed by timer_settime.
As in POSIX standard: The effect of disarming or resetting a timer with pending
expiration notifications is unspecified. And glibc didn't prevent in this situation, so I
think it is fine to remove the support.
2. Still prevent calling callback when SIGEV_THREAD timers are deleted by timer_delete.
As in POSIX standard: The disposition of pending signals for the deleted timer is unspecified.
However, glibc handles this (although that is not perfect). And some of our tests in
time_test.cpp depend on this feature as described in b/18039727. so I retain the support.
3. Fix some flaky test in time_test.cpp, and make "time*" test pass on bionic-unit-tests-glibcxx.
Bug: 18263854
Change-Id: I8ced184eacdbfcf433fd81b0c69c38824beb8ebc
Previous implementation of rwlock contains four atomic variables, which
is hard to maintain and change. So I make following changes in this CL:
1. Add pending flags in rwlock.state, so we don't need to synchronize
between different atomic variables. Using compare_and_swap operations
on rwlock.state is enough for all state change.
2. Add pending_lock to protect readers/writers waiting and wake up
operations. As waiting/wakeup is not performance critical, using a
lock is easier to maintain.
3. Add writer preference option.
4. Add unit tests for rwlock.
Bug: 19109156
Change-Id: Idcaa58d695ea401d64445610b465ac5cff23ec7c
stubs.cpp gets string.h inherited from private/android_filesystem_config.h
it should not rely on this in the future. The intent is to move fs_config
function into libcutils and thus deprecate any need for string.h in this
include file.
Change-Id: I946ec1979ef5bbb34fbcb4a99bf2cd79280bb2a3
This is initial implementations; does not yet handle
dlclose - undefined behavior, needs linker support to
handle it right.
Bug: 19800080
Bug: 16696563
Change-Id: I7a3e21ed7f7ec01e62ea1b7cb2ab253590ea0686
It is due to a previous change "Let g_thread_list_lock only protect g_thread_list".
We need to add the newly created thread to thread_list even if
__init_thread fails, so the thread can exit successfully.
Change-Id: I0332df11acfdd181350bcc092b12d90d679057a4
This is a patch testing whether we can use abort() instead of
returning ESRCH for invalid pthread ids. It is an intermediate
step to remove g_thread_list/g_thread_list_lock.
Bug: 19636317
Change-Id: Idd8e4a346c7ce91e1be0c2ebcb78ce51c0d0a31d
For DeathTests, we are testing the output of stderr to check if it is the
death we are expecting. To collect the output, Gtest redirects stderr to
a temporary file. But in __libc_write_stderr in libc_logging.cpp, we are
writing to stderr without a O_APPEND flag, so a new message will overwrite
a previous message.
The above situation makes almost all the DeathTests fail on host. Because
the expected message are always overwritten in host DeathTests. So I add
O_APPEND flag in __libc_write_stderr, which makes all host DeathTests pass.
Change-Id: Ic2f6044fdb181eebe132a6f170b57db43c5c3289
As glibc/netbsd don't protect access to thread struct members by a global
lock, we don't want to do it either. This change reduces the
responsibility of g_thread_list_lock to only protect g_thread_list.
Bug: 19636317
Change-Id: I897890710653dac165d8fa4452c7ecf74abdbf2b
aligned attribute can only control compiler's behavior, but we
are manually allocating pthread_internal_t. So we need to make
sure of alignment manually.
Change-Id: Iea4c46eadf10dfd15dc955c5f41cf6063cfd8536
The errors are introduced in "Make pthread join_state not protected by g_thread_list_lock".
Bug: 19636317
Change-Id: I58ae9711da94bfbac809abfd81311eeb70301a4b
Bionic's getauxval(...) implementation returns zero when entries are
missing. Zero can be a valid value, so there is no unambiguous way of
detecting an error. Since glibc 2.19, errno is set to ENOENT when an
entry is missing to make it possible to detect this. Bionic should match
this behavior as code in the Linux ecosystem will start relying on it to
check for the presence of newly added entries.
Change-Id: Ic1efe29bc45fc87489274c96c4d2193f3a7b8854
Signed-off-by: Daniel Micay <danielmicay@gmail.com>
1. Move the representation of thread join_state from pthread.attr.flag
to pthread.join_state. This clarifies thread state change.
2. Use atomic operations for pthread.join_state. So we don't need to
protect it by g_thread_list_lock. g_thread_list_lock will be reduced
to only protect g_thread_list or even removed in further changes.
Bug: 19636317
Change-Id: I31fb143a7c69508c7287307dd3b0776993ec0f43
Make this change because I think it is more reasonable to check stack info
in pthread_getattr_np. I believe pthread_attr_t is not tied with any thread,
and can't have a flag saying who using it is the main thread.
This change also helps refactor of g_thread_list_lock.
Bug: 19636317
Change-Id: Iedbb85a391ac3e1849dd036d01445dac4bc63db9
The kernel system call faccessat() does not have any flags arguments,
so passing flags to the kernel is currently ignored.
Fix the kernel system call so that no flags argument is passed in.
Ensure that we don't support AT_SYMLINK_NOFOLLOW. This non-POSIX
(http://pubs.opengroup.org/onlinepubs/9699919799/functions/access.html)
flag is a glibc extension, and has non-intuitive, error prone behavior.
For example, consider the following code:
symlink("foo.is.dangling", "foo");
if (faccessat(AT_FDCWD, "foo", R_OK, AT_SYMLINK_NOFOLLOW) == 0) {
int fd = openat(AT_FDCWD, "foo", O_RDONLY | O_NOFOLLOW);
}
The faccessat() call in glibc will return true, but an attempt to
open the dangling symlink will end up failing. GLIBC documents this
as returning the access mode of the symlink itself, which will
always return true for any symlink on Linux.
Some further discussions of this are at:
* http://lists.landley.net/pipermail/toybox-landley.net/2014-September/003617.html
* http://permalink.gmane.org/gmane.linux.lib.musl.general/6952
AT_SYMLINK_NOFOLLOW seems broken by design. I suspect this is why this
function was never added to POSIX. (note that "access" is pretty much
broken by design too, since it introduces a race condition between
check and action). We shouldn't support this until it's clearly
documented by POSIX or we can have it produce intuitive results.
Don't support AT_EACCESS for now. Implementing it is complicated, and
pretty much useless on Android, since we don't have setuid binaries.
See http://git.musl-libc.org/cgit/musl/commit/?id=0a05eace163cee9b08571d2ff9d90f5e82d9c228
for how an implementation might look.
Bug: 18867827
Change-Id: I25b86c5020f3152ffa3ac3047f6c4152908d0e04
The overflow's actually in the generic C implementation of memchr.
While I'm here, let's switch our generic memrchr to the OpenBSD version too.
Bug: https://code.google.com/p/android/issues/detail?id=147048
Change-Id: I296ae06a1ee196d2c77c95a22f11ee4d658962da
The .note.android.ident section is only used by GDB, which doesn't
care what section type the section is, but it would be convenient
for readelf -n to be able to find the section too.
The old way of getting the .note.android.ident section to be of type
SH_NOTE involved compiling from .c to .s using gcc, running sed to
change progbits to note, and then compiling from .s to .o using gcc.
Since crtbrand.c only contains a section containing data, a
crtbrand.S can be checked in that will compile on all platforms,
avoiding the need for sed.
Also add crtbrand.o to crtbegin_so.o so that libraries also get
the note, and to the crt workaround in arm libc.so.
Change-Id: Ica71942a6af4553b56978ceaa288b3f4c15ebfa2
crtbrand.c was compiled to a .s file, run through a sed script
to translate a %progbits to %note, and the compiled to .o.
However, when the sed command was copied from the original source
it was not updated to use the new name of the section (.note.ABI-tag
to .note.android.ident), so it didn't modify the file. Since the
section has been generated with type %progbits instead of %note for
two years, just delete the whole sed step.
Change-Id: Id78582e9b43b628afec4eed22a088283132f0742
In https://android-review.googlesource.com/#/c/127908/5/libc/SYSCALLS.TXT@116
Elliott said:
for LP64 these will be hidden. for LP32 we were cowards and left
them all public for compatibility (though i don't think we ever
dremeled to see whether it was needed). we don't have an easy
way to recognize additions, though, so we can't prevent adding
new turds.
Add a mechanism to prevent the adding of new turds, and use that
mechanism on the fchmod/fchmodat system calls.
Bug: 19233951
Change-Id: I98f98345970b631a379f348df57858f9fc3d57c0
Many libc functions have an option to not follow symbolic
links. This is useful to avoid security sensitive code
from inadvertantly following attacker supplied symlinks
and taking inappropriate action on files it shouldn't.
For example, open() has O_NOFOLLOW, chown() has
lchown(), stat() has lstat(), etc.
There is no such equivalent function for chmod(), such as lchmod().
To address this, POSIX introduced fchmodat(AT_SYMLINK_NOFOLLOW),
which is intended to provide a way to perform a chmod operation
which doesn't follow symlinks.
Currently, the Linux kernel doesn't implement AT_SYMLINK_NOFOLLOW.
In GLIBC, attempting to use the AT_SYMLINK_NOFOLLOW flag causes
fchmodat to return ENOTSUP. Details are in "man fchmodat".
Bionic currently differs from GLIBC in that AT_SYMLINK_NOFOLLOW
is silently ignored and treated as if the flag wasn't present.
This patch provides a userspace implementation of
AT_SYMLINK_NOFOLLOW for bionic. Using open(O_PATH | O_NOFOLLOW),
we can provide a way to atomically change the permissions on
files without worrying about race conditions.
As part of this change, we add support for fchmod on O_PATH
file descriptors, because it's relatively straight forward
and could be useful in the future.
The basic idea behind this implementation comes from
https://sourceware.org/bugzilla/show_bug.cgi?id=14578 , specifically
comment #10.
Change-Id: I1eba0cdb2c509d9193ceecf28f13118188a3cfa7
Don't send the trailing NUL bytes to the logger, call strlen if we already
know the length, or cast more specifically than we need to.
Change-Id: I68c9388a22bddea49120a1022dda8db8991360c1
Move various mips-only things into the arch-mips directory. As soon as mips
writes assembler replacements, we can remove these.
Change-Id: Ia7308559bc361f5c8df3e1d456b381865e060b93
Interestingly, this mostly involves cleaning up our implementation of
various <string.h> functions.
Change-Id: Ifaef49b5cb997134f7bc0cc31bdac844bdb9e089
If pthread_detach() is called while the thread is in pthread_exit(),
it takes the risk that no one can free the pthread_internal_t.
So I add PTHREAD_ATTR_FLAG_ZOMBIE to detect this, maybe very rare, but
both glibc and netbsd libpthread have similar function.
Change-Id: Iaa15f651903b8ca07aaa7bd4de46ff14a2f93835
<signal.h> shouldn't get you the contents of <errno.h>, and <fcntl.h>
shouldn't get you the contents of <unistd.h>.
Change-Id: I347499cd8671bfee98e6b8e875a97cab3a3655d3
Found by the toybox id(1) which calls both getpwuid(3) and getgrgid(3) before
looking at either result. The use of a shared buffer in this code meant that
even on a single thread, the data for any of the passwd functions would be
clobbered by the data for any of the group functions (or vice versa).
This might seem like an insufficient fix, but POSIX explicitly says (for
getpwnam) that the result "might be overwritten by a subsequent call to
getpwent(), getpwnam(), or getpwuid()" and likewise for other members of
that group, plus equivalent text for the group-related functions.
Change-Id: I2272f47e91f72e043fdaf7c169fa9f6978ff4370
Several cache related queries are added, such as
_SC_LEVEL1_DCACHE_LINESIZE, _SC_LEVEL1_DCACHE_SIZE and etc. For the
moment, we always return 0 for these queries.
Change-Id: I36f67af8128672d8c1eef49d6f2431cca5a94719
Based on the package/apps/Terminal implementation. I'll switch them over
shortly. This also lets us build the toybox version of netcat.
Change-Id: Ia922a100141a67409264b43b937eeca07b21f344
Unfortunately, this change provokes random crashes for ART, and
I have seen libc crashes on the device that might be related to it.
Reverting it fixes the ART crashes. there is unfortunately no
stack trace for the crashes, but just a "Segmentation fault" message.
This reverts commit cc5f6543e3.
Change-Id: I68dca8e1e9b9edcce7eb84596e8db619e40e8052
POSIX specifies that pthread_kill(3) and pthread_sigmask(3) are
supposed to live in signal.h rather than pthread.h.
Since signal.h now needs pthread_t and pthread_attr_t, I've moved
those defintions into include/machine/pthread_types.h to keep the
namespace clean. I also sorted some includes. The combination of these
two things seems to have exploded into a cascade of missing includes,
so this patch also cleans up all those.
Change-Id: Icfa92a39432fe83f542a797e5a113289d7e4ad0c
stdin/stdout/stderr are special; their mutexes are initialized by
__sinit. There's no unit test for this, because __sinit has already
been called by the time the first unit test runs, but you could
reproduce this failure with a trivial main() that calls flockfile
or ftrylockfile on one of the standard streams before otherwise
using stdio.
Bug: 18208568
Change-Id: I28d232cf05a9f198a2bed61854d8047b23d2091d
On LP32, this makes no difference. Not an ABI change.
On LP64, results are going to be in %rax or x0 whether they're 32- or 64-bit,
and the only difference is going to be whether the top bits are clobbered.
Bug: 18390956
Change-Id: I0bd4496231bdded34c1fa03e895021ac0df7f8e1
This catches one trivial difference between us and glibc --- the error
returned by pthread_setname_np for an invalid pthread_t.
Change-Id: If4c21e22107c6488333d11184f8005f8669096c2
change to behaviour the same as glibc for the check about buflen
Change-Id: I98265a8fe441df6fed2527686f89b087364ca53d
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
Strictly speaking, this only implements the _l variants of the functions
we actually have. We're still missing nl_langinfo_l, for example, but we
don't have nl_langinfo either.
Change-Id: Ie711c7b04e7b9100932a13f5a5d5b28847eb4c12
When setting a repeat timer using the SIGEV_THREAD mechanism, it's possible
that the callback can be called after the timer is disarmed or deleted.
This happens because the kernel can generate signals that the timer thread
will continue to handle even after the timer is supposed to be off.
Add two new tests to verify that disarming/deleting doesn't continue to
call the callback.
Modify the repeat test to finish more quickly than before.
Refactor the Counter implementation a bit.
Bug: 18039727
(cherry pick from commit 0724132c32)
Change-Id: I135726ea4038a47920a6c511708813b1a9996c42
Add the missing prototypes, fix the existing prototypes to use clockid_t
rather than int, fix clock_nanosleep's failure behavior, and add simple
tests.
Bug: 17644443
Bug: https://code.google.com/p/android/issues/detail?id=77372
Change-Id: I03fba369939403918abcabae9551a7123953d780
Signed-off-by: Haruki Hasegawa <h6a.h4i.0@gmail.com>
valgrind seems to mess with the stack enough that the kernel will
report "[stack:pid]" rather than "[stack]" in /proc/self/maps, so
switch to the task-specific file instead to force "[stack]". (There
are two conditions in the kernel code that decides which form to
output.)
Bug: 17897476
Change-Id: Iff85ceb6d52e8716251fab4e45d95a27184c5529
It turns out that appportable has a version that calls dlmalloc directly.
Re-add the dlmalloc symbol for 32 bit only as a compatibility shim that
calls malloc.
Bug: 17881362
(cherry pick commit from c9734d24d9)
Change-Id: Iee9a777f66a1edb407d7563a60792b767ac4f83a
__open_2() is used by the fortify implementation of open(2) in
fcntl.h, and as such needs an unmangled C name. For some reason
(inlining?), this doesn't cause problems at the default optimization
level, but does for -O0.
The rest of these didn't cause build failures, but they look suspect
and probably will, we just haven't caught them yet.
Bug: 17784968
Change-Id: I7391a7a8999ee204eaf6abd14a3d5373ea419d5b
This library calls pthread_mutex_lock and pthread_mutex_unlock with a NULL
pthread_mutex_t*. This gives them (and their users) one release to fix things.
Bug: 17443936
Change-Id: I3b63c9a3dd63db0833f21073e323b3236a13b47a
At -O0, the attribute warning on sprintf is actually triggered (why
doesn't this happen with -Os?!) and promoted to an error by -Werror.
asctime64_r() is a non-standard function, but the IBM docs state that
the buffer is assumed to be at least 26 characters wide, and the
format string does limit to that (assuming a 4 digit year, also
defined by the IBM docs).
http://www-01.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.bpxbd00/asctimer.htm
Change-Id: I1c884474a769aa16c53e985c3d8d694c478c1189
Unlike times(), clock_gettime() is implemented as a vDSO on many architectures.
So, using clock_gettime() will return a more accurate time and do so with less
overhead because it does have the overhead of calling into the kernel.
It is also significantly more accurate because it measures the actual time in
nanoseconds rather than the number of ticks (typically 1 millisecond or more).
Bug: 17814435
Change-Id: Id4945d9f387330518f78669809639952e9227ed9
strtoll(3), strtoull(3), wcstoll(3), and wcstoull(3) all take an _int_
as a base, not a size_t. This is an ABI compatibility issue.
Bug: 17628622
Change-Id: I17f8eead34ce2112005899fc30162067573023ec
The debuggerd case can probably never happen, because you're crashing at this
point anyway. The system property one seems possible though.
Change-Id: Idba6a4f1d68587ec5b320d1e25f0b6a987ea32a0
fpathconf(3) and pathconf(3) can share code. There's no such
header file as <pathconf.h>. glibc/POSIX and BSD disagree about where
the _POSIX_* definitions should go.
Change-Id: I4a67f1595c9f5fbb26700a131178eedebd6bf712
gdb was happy with what we had, but libgcc and libunwind weren't.
libgcc is happy with the kernel's restorer (because of the extra nop),
though libunwind looks like it's going to need code changes regardless.
We could make our restorer more like the kernel's one, but why bother
when we can just let the kernel supply the canonical one?
Bug: 17436734
Change-Id: I330fa5e68f23b1cf8133aa552896657b0b873ed3
* LP32 should use sa_restorer too. gdb expects this, and future (>= 3.15) x86
kernels will apparently stop supporting the case where SA_RESTORER isn't
set.
* gdb and libunwind care about the exact instruction sequences, so we need to
modify the code slightly in a few cases to match what they're looking for.
* gdb also cares about the exact function names (for some architectures),
so we need to use __restore and __restore_rt rather than __sigreturn and
__rt_sigreturn.
* It's possible that we don't have a VDSO; dl_iterate_phdr shouldn't assume
that getauxval(AT_SYSINFO_EHDR) will return a non-null pointer.
This fixes unwinding through a signal handler in gdb for all architectures.
It doesn't fix libunwind for arm and arm64. I'll keep investigating that...
Bug: 17436734
Change-Id: Ic1ea1184db6655c5d96180dc07bcc09628e647cb
Also remove a reference to it and two other files that have already
been removed in a script --- these files were problematic because they
weren't UTF-8.
Change-Id: Ibf597bac1903c34d8d0fe0a09615c42f24d4f23d
A lot of third-party code calls the private __get_thread symbol,
often as part of a backport of bionic's pthread_rwlock implementation.
Hopefully this will go away for LP64 (since you're guaranteed the
real implementation there), but there are still APIs that take a tid
and no way to convert between a pthread_t and a tid. pthread_gettid_np
is a public API for that. To aid the transition, make __get_thread
available again for LP32.
(cherry-pick of 27efc48814b8153c55cbcd0af5d9add824816e69.)
Bug: 14079438
Change-Id: I43fabc7f1918250d31d4665ffa4ca352d0dbeac1
The use of the .hidden directive to avoid going via the PLT for
__set_errno had the side-effect of actually making __set_errno
hidden (which is odd because assembler directives don't usually
affect symbols defined in a different file --- you can't even
create a weak reference to a symbol that's defined in a different
file).
This change switches the system call stubs over to a new always-hidden
__set_errno_internal and has a visible __set_errno on LP32 just for
binary compatibility with old NDK apps.
(cherry-pick of 7efad83d430f4d824f2aaa75edea5106f6ff8aae.)
Bug: 17423135
Change-Id: I6b6d7a05dda85f923d22e5ffd169a91e23499b7b
